colinoflynn
commented
2 years ago @anotherlousytag Can you drop a note to sales@newae.com with your contact email you prefer (and mention your issue # / github username)? With some delay we're finalizing the contest results now and realized GitHub doesn't allow us to message people here!
anotherlousytag
Proposal
An increasing onus is being placed on ensuring that hardware-based cryptographic implementations are designed with countermeasures against both side channel attacks (SCA) and fault attacks (FA). This is particularly critical when considering embedded and IoT devices in the field, to which an attacker may more readily have physical access, where trust of communication or data from the device may be dependent on the secrecy of installed cryptographic material. However, adding such countermeasures on top of already resource hungry cryptographic algorithms presents additional challenges on these, often already constrained, devices. This has lead to substantial interest in lightweight cryptograhic (LWC) solutions, one such algorithm is TinyJAMBU. A side-channel resistant implementation of this algorithm utilising Domain Oriented Masking (DOM) is described in Abubakr A. et al. (2021).
It is noted that whilst Abubakr A. et al. (2021) demonstrates that the described implementation of TinyJAMBU is resistant to SCA owing to limited information leakage (determined using test-vector leakage assessment methodology), the resistance to combined SCA and fault template attack (FTA) is not investigated. Under this proposal, a combined SCA and FTA technique to attack the side-channel resistant implementation of TinyJambu will be researched with a view recovering the key or partial key. Similar techniques will be applied to an AES implementation with comparable countermeasures to determine if TinyJAMBU remains favourable, when compared to AES, under this type of attack. It is noted that there will be some differences in the way the techniques are executed between the two algorithms with a focus on propagation of faults through the S-box for AES and the nonlinear shift register (NLFSR) for TinyJAMBU.
This proposal takes inspiration from the work of Saha S. et al (2021) and will seek to reimagine the described techniques and methodologies in a way that is applicable to the target algorithms using the precise fault injection (and other) capabilities of the ChipWhisperer-Husky, alongside equipment that might be found on a typical electronics workbench, rather than the, less accessible, laser fault injection described.
Hardware implementations of the target algorithms will be implemented on the - CW305 Artix FPGA 7A35 Target Board as follows:
Publication
The body of work, including all methodology, results, code, and templates as well as detailed instructions on replicating the work, will be released in a git repository under the MIT license. If the work results in viable techniques that aren't covered by pre-existing NewAE material, a Juypter notebook will be produced in the style of the existing ChipWhisperer tutorials to support others with understanding and reproducing the techniques.
At least one blog post will be produced discussing 'lessons learnt' and challenges overcome. Additionally, at least one video will be created to give an overview of the project as a whole and showcase the setup used to produce described results. Links to any such supporting material will be included in the github Readme.md. If the work gains significant interest, I may also host a livestream in an AMA style.
Proposed Licenses
Extras
If a CW308 board were provided as part of the prize, it would be used to undertake additional, seperate work investigating lightweight implementations of cryptographic algorithms on the Atmel ATXmega128A4U-AU and MegaRF2564RFR2 8-bit microcontrollers. The initial aim would be to replicate the work of Ruminot-Ahumada et al. (2021) deploying AES-128 with SCA countermeasures on the ATXmega128A4U-AU, and performing SCA against it to capture baseline data. The same countermeasures would then be used with an existing ZigBee implementation on the MegaRF2564RFR2. Whereas Ruminot-Ahumada et al. (2021) specifically explored side-channel leaks during encryption and decryption, this work will be focused on data validation routines and will evaluate how effective the countermeasures are against SCA on the ZigBee Message Integrity Code (MIC) process. This work would be released under the same license(s) as that of the main proposal.
Citations
Abubakr Abdulgadir, Sammy Lin, Farnoud Farahmand, Jens-Peter Kaps, Kris Gaj. 2021. Side-Channel Resistant Implementations of a Novel Lightweight Authenticated Cipher with Application to Hardware Security. In Proceedings of the Great Lakes Symposium on VLSI 2021 (GLSVLSI ’21), June 22–25, 2021, Virtual Event, USA. ACM, New York, NY, USA, 6 pages. https://doi.org/10.1145/3453688.3461761
Saha S., Bag A., Jap D., Mukhopadhyay D., Bhasin S. (2021) Divided We Stand, United We Fall: Security Analysis of Some SCA+SIFA Countermeasures Against SCA-Enhanced Fault Template Attacks. In: Tibouchi M., Wang H. (eds) Advances in Cryptology – ASIACRYPT 2021. ASIACRYPT 2021. Lecture Notes in Computer Science, vol 13091. Springer, Cham. https://doi.org/10.1007/978-3-030-92075-3_3
N. Ruminot-Ahumada, C. Valencia-Cordero and R. Abarzúa-Ortiz, "Side Channel Attack Countermeasure for Low Power Devices with AES Encryption," 2021 IEEE International Conference on Automation/XXIV Congress of the Chilean Association of Automatic Control (ICA-ACCA), 2021, pp. 1-7, https://doi.org/10.1109/ICAACCA51523.2021.9465337
Additional Note
Thanks for hosting this giveaway, with such incredible prizes, in such an exciting niche!